Detections
Analytics
Server-Side Includes (SSI) Injection
Description
SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the user.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Web App Scanning | Web Applications | Authenticated Scan | HTTP/HTTPS | Server-Side Includes (SSI) Injection | Plugin IDs: 113634 |
References
Attack Path Technique Details
Framework: OWASP
Family: Injection
Technique: Server-Side Includes (SSI) Injection
Sub-Technique: Server-Side Includes (SSI) Injection
Platform: Web Application
Products Required: Tenable Web App Scanning
Tenable Release Date: 2022 Q2